The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), in conjunction with international partners from Australia and Canada, have released official guidance to harden on-premises Microsoft Exchange Server instances. The joint advisory addresses the persistent threat of malicious activity targeting unprotected and misconfigured Exchange environments, which continue to bear the brunt of cyber attacks.
The agencies have provided a clear roadmap for organizations to bolster their defenses against potential exploitation. This initiative underscores the ongoing risks associated with on-premises Exchange infrastructure and provides actionable steps for system administrators and cybersecurity professionals to implement immediately. The guidance focuses on proactive security measures and strategic infrastructure decisions to mitigate vulnerabilities.
Key Recommendations for Hardening Exchange Servers
According to the advisory, a multi-layered defense strategy is essential for protecting Exchange servers. “By restricting administrative access, implementing multi-factor authentication, enforcing strict transport security configurations, and adopting zero trust (ZT) security model principles, organizations can significantly bolster their defenses against potential cyber attacks,” CISA stated. These measures are designed to reduce the attack surface and make it more difficult for malicious actors to compromise systems. Maintaining a consistent and timely security update and patching cadence is also listed as a fundamental best practice to protect against known exploits.
Addressing End-of-Life Systems and Modernization
The guidance also addresses the significant risks posed by outdated systems. The agencies explicitly advise organizations to decommission end-of-life on-premises or hybrid Exchange servers. The recommended course of action is to complete the transition to a modern cloud platform such as Microsoft 365. This migration is a critical step in moving away from legacy infrastructure that may no longer receive security updates, thereby eliminating a common vector for cyber attacks. The advisory serves as an urgent call for organizations to prioritize the security and modernization of their email infrastructure.
Source: https://thehackernews.com/2025/10/cisa-and-nsa-issue-urgent-guidance-to.html